arXiv:2405.14519v2 Announce Type: replace 
Abstract: Machine learning malware detectors are vulnerable to adversarial EXEmples, i.e., carefully-crafted Windows programs tailored to evade detection. Unlike other adversarial problems, attacks in this context must be functionality-preserving, a constraint that is challenging to address. As a consequence, heuristic algorithms are typically used, which inject new content, either randomly-picked or harvested from legitimate programs. In this paper, we show how learning malware detectors can be cast within a zeroth-order optimization framework, which allows incorporating functionality-preserving manipulations. This permits the deployment of sound and efficient gradient-free optimization algorithms, which come with theoretical guarantees and allow for minimal hyper-parameters tuning. As a by-product, we propose and study ZEXE, a novel zeroth-order attack against Windows malware detection. Compared to state-of-the-art techniques, ZEXE provides improvement in the evasion rate, reducing to less than one third the size of the injected content.

تم تقديم صيغة جديدة للتحسين من الدرجة صفر للأمثلة العدائية في كشف البرمجيات الخبيثة، حيث تعالج هذه الصيغة ضعف كاشفات البرمجيات الخبيثة المعتمدة على التعلم الآلي أمام البرامج المصممة بعناية على نظام ويندوز والتي تهدف إلى التهرب من الكشف. يسمح هذا النهج بإجراء تعديلات تحافظ على الوظائف، مما يمكّن من استخدام خوارزميات تحسين فعالة بدون تدرجات مع الحد الأدنى من ضبط المعلمات.

Se ha introducido una nueva formulación para la optimización de orden cero de ejemplos adversariales en la detección de malware, abordando la vulnerabilidad de los detectores de malware basados en aprendizaje automático ante programas de Windows diseñados cuidadosamente para evadir la detección. Este enfoque permite manipulaciones que preservan la funcionalidad, lo que posibilita el uso de algoritmos de optimización eficientes sin gradientes con un ajuste mínimo de hiperparámetros.

Une nouvelle formulation pour l'optimisation de zeroth-order des EXEmples adversariaux dans la détection de logiciels malveillants a été introduite, abordant la vulnérabilité des détecteurs de logiciels malveillants basés sur l'apprentissage automatique face à des programmes Windows soigneusement conçus pour échapper à la détection. Cette approche permet des manipulations préservant la fonctionnalité, rendant possible l'utilisation d'algorithmes d'optimisation sans gradient efficaces avec un réglage minimal des hyperparamètres.

A new formulation for zeroth-order optimization of adversarial EXEmples in malware detection has been introduced, addressing the vulnerability of machine learning malware detectors to carefully-crafted Windows programs designed to evade detection. This approach allows for functionality-preserving manipulations, enabling the use of efficient gradient-free optimization algorithms with minimal hyper-parameter tuning.

A New Formulation for Zeroth-Order Optimization of Adversarial EXEmples in Malware Detection

<a href="https://www.techspot.com/downloads/7748-heroic-games-launcher.html" target="_blank"><img src="https://www.techspot.com/images2/news/ts3_thumbs/2025/06/2025-06-10-ts3_thumbs-c25.jpg" width="800" height="560" style="padding: 15px 0" title="Heroic Games Launcher merges Epic, GOG, and Amazon games into a single client" /></a> Heroic Games Launcher brings your Epic, GOG, and Amazon libraries together in one fast, open-source client – no official launchers required. With built-in Proton and <a href="https://www.techspot.com/downloads/4638-wine.html">Wine</a> support, it's a favorite on <a href="https://www.techspot.com/downloads/7828-cachyos.html">Linux</a> and Steam Deck, while also offering a clean, lightweight experience on Windows and macOS. <a href="https://www.techspot.com/downloads/7748-heroic-games-launcher.html">Read Entire Article</a>

نجح Heroic Games Launcher في دمج مكتبات Epic وGOG وAmazon في عميل مفتوح المصدر واحد، مما يلغي الحاجة إلى مشغلات رسمية. تدعم هذه المنصة Proton وWine، مما يجعلها شائعة بشكل خاص بين مستخدمي Linux وSteam Deck، بينما تقدم أيضًا تجربة خفيفة الوزن لمستخدمي Windows وmacOS.

Heroic Games Launcher ha integrado con éxito las bibliotecas de Epic, GOG y Amazon en un solo cliente de código abierto, eliminando la necesidad de lanzadores oficiales. Esta plataforma es compatible con Proton y Wine, lo que la hace especialmente popular entre los usuarios de Linux y Steam Deck, al tiempo que ofrece una experiencia simplificada para los usuarios de Windows y macOS.

Heroic Games Launcher a réussi à intégrer les bibliothèques d'Epic, GOG et Amazon en un seul client open-source, éliminant ainsi le besoin de lanceurs officiels. Cette plateforme prend en charge Proton et Wine, ce qui la rend particulièrement populaire auprès des utilisateurs de Linux et de Steam Deck, tout en offrant une expérience simplifiée pour les utilisateurs de Windows et macOS.

Heroic Games Launcher has successfully integrated libraries from Epic, GOG, and Amazon into a single, open-source client, eliminating the need for official launchers. This platform supports Proton and Wine, making it particularly popular among Linux and Steam Deck users, while also providing a streamlined experience for Windows and macOS users.

A New Formulation for Zeroth-Order Optimization of Adversarial EXEmples in Malware Detection

Was this article worth reading? Share it

Humanize AI

ZeroThreat

E2B Dev

GPTHumanizer

SafeWrite AI

LabEx

Ready to build your own newsroom?